diff options
| author | openeuler-ci-bot <george@openeuler.sh> | 2024-04-09 07:03:15 +0000 |
|---|---|---|
| committer | Gitee <noreply@gitee.com> | 2024-04-09 07:03:15 +0000 |
| commit | d35c6507fc652b8a4e59b7cb1f4ea078e049cb81 (patch) | |
| tree | 5df413b17195d4ab61aa31a6ee940905eede2ef3 | |
| parent | b5dba2222855381201f3a1a5def2d7ad6605523a (diff) | |
| parent | 3abb561b5c37fde322ce4b8d3bbdb01341d1b36b (diff) | |
| download | openEuler-kernel-d35c6507fc652b8a4e59b7cb1f4ea078e049cb81.tar.gz | |
!5792 usb: hub: Guard against accesses to uninitialized BOS descriptors
Merge Pull Request from: @ci-robot
PR sync from: Jinjiang Tu <tujinjiang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/GADNHTDLCMCCBKUYCKZGI7JZX7O5IF5A/
https://gitee.com/src-openeuler/kernel/issues/I94P5J
Link:https://gitee.com/openeuler/kernel/pulls/5792
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
| -rw-r--r-- | drivers/usb/core/hub.c | 28 | ||||
| -rw-r--r-- | drivers/usb/core/hub.h | 2 |
2 files changed, 25 insertions, 5 deletions
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 580604596499a7..b91b01c2c5dee0 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -149,6 +149,10 @@ int usb_device_supports_lpm(struct usb_device *udev) if (udev->quirks & USB_QUIRK_NO_LPM) return 0; + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return 0; + /* USB 2.1 (and greater) devices indicate LPM support through * their USB 2.0 Extended Capabilities BOS descriptor. */ @@ -325,6 +329,10 @@ static void usb_set_lpm_parameters(struct usb_device *udev) if (!udev->lpm_capable || udev->speed < USB_SPEED_SUPER) return; + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return; + hub = usb_hub_to_struct_hub(udev->parent); /* It doesn't take time to transition the roothub into U0, since it * doesn't have an upstream link. @@ -2684,7 +2692,8 @@ out_authorized: } /* - * Return 1 if port speed is SuperSpeedPlus, 0 otherwise + * Return 1 if port speed is SuperSpeedPlus, 0 otherwise or if the + * capability couldn't be checked. * check it from the link protocol field of the current speed ID attribute. * current speed ID is got from ext port status request. Sublink speed attribute * table is returned with the hub BOS SSP device capability descriptor @@ -2694,8 +2703,12 @@ static int port_speed_is_ssp(struct usb_device *hdev, int speed_id) int ssa_count; u32 ss_attr; int i; - struct usb_ssp_cap_descriptor *ssp_cap = hdev->bos->ssp_cap; + struct usb_ssp_cap_descriptor *ssp_cap; + if (!hdev->bos) + return 0; + + ssp_cap = hdev->bos->ssp_cap; if (!ssp_cap) return 0; @@ -4114,8 +4127,15 @@ static void usb_enable_link_state(struct usb_hcd *hcd, struct usb_device *udev, enum usb3_link_state state) { int timeout, ret; - __u8 u1_mel = udev->bos->ss_cap->bU1devExitLat; - __le16 u2_mel = udev->bos->ss_cap->bU2DevExitLat; + __u8 u1_mel; + __le16 u2_mel; + + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return; + + u1_mel = udev->bos->ss_cap->bU1devExitLat; + u2_mel = udev->bos->ss_cap->bU2DevExitLat; /* If the device says it doesn't have *any* exit latency to come out of * U1 or U2, it's probably lying. Assume it doesn't implement that link diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 22ea1f4f2d66d7..db4c7e2c5960d1 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -141,7 +141,7 @@ static inline int hub_is_superspeedplus(struct usb_device *hdev) { return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS && le16_to_cpu(hdev->descriptor.bcdUSB) >= 0x0310 && - hdev->bos->ssp_cap); + hdev->bos && hdev->bos->ssp_cap); } static inline unsigned hub_power_on_good_delay(struct usb_hub *hub) |